From: dpreed@reed.com
To: "Maciej Soltysiak"
Cc: cerowrt-devel@lists.bufferbloat.net
Date: Thu, 10 Jan 2013 09:58:00 -0500 (EST)
Subject: Re: [Cerowrt-devel] Nokia decrypts user's HTTPS to compress to improve speed
Message-ID: <1357829880.67618376@apps.rackspace.com>
List-Id: Development issues regarding the cerowrt test router project

I'm curious if they have data about how much compression they are achieving? Most HTTPS servers are set up by people who use quite a bit of compression in the payload (gzip of web pages, etc, "minification" of javascript), so I would hypothesize that the actual savings are minimal on the average.

However, it points out that there is a man-in-the-middle problem with HTTPS alone. Your phone's browser should be checking the certificates more rigorously than it does. It can do that quite easily, and I think the destination can do that in Javascript that comes with the pages.

"We don't look" is not a defense in the EU privacy regime, and probably not in the US one (though many US Senators think that ISP's looking at content is just fine).

-----Original Message-----
From: "Maciej Soltysiak"
Sent: Thursday, January 10, 2013 9:46am
To: cerowrt-devel@lists.bufferbloat.net
Subject: [Cerowrt-devel] Nokia decrypts user's HTTPS to compress to improve speed

http://yro.slashdot.org/story/13/01/10/1356228/nokia-admits-decrypting-user-data-claiming-it-isnt-looking

Have a look at what corporations resort to when they're in need of serious debloating and things like TCP Fast Open? :-|

Regards,
Maciej
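One form the stricter client-side certificate check mentioned in the message can take is certificate pinning. The following Python is an added example, not part of the original e-mail or of any code from the list; it assumes the pin is the SHA-256 of the whole leaf certificate, and `ORIGIN_CERT`, `PROXY_CERT` and `PINS` are constructed stand-in values, not real certificates.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 of the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der_cert).hexdigest()


def pin_matches(der_cert: bytes, pinned: set[str]) -> bool:
    """True only if the presented certificate is one the client already expects.

    Chain validation alone accepts any certificate signed by a CA the device
    trusts, including a CA operated by an intercepting proxy. The pin does not.
    """
    seen = fingerprint(der_cert)
    return any(hmac.compare_digest(seen, p.lower()) for p in pinned)


def fetch_leaf_cert(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Do a normal chain-validated handshake and return the leaf cert (DER)."""
    ctx = ssl.create_default_context()  # hostname and chain checks stay on
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_host(host: str, pinned: set[str]) -> bool:
    """Pin check layered on top of, not instead of, standard validation."""
    return pin_matches(fetch_leaf_cert(host), pinned)


# Constructed byte strings standing in for DER certificates (assumption:
# a real client would pin fingerprints recorded out of band from the site).
ORIGIN_CERT = b"constructed: certificate issued to the real site"
PROXY_CERT = b"constructed: certificate re-issued by an intercepting proxy"
PINS = {fingerprint(ORIGIN_CERT)}

if __name__ == "__main__":
    print("origin accepted:", pin_matches(ORIGIN_CERT, PINS))
    print("proxy accepted: ", pin_matches(PROXY_CERT, PINS))
```

Pinning the whole certificate fails on every renewal; pinning the public key (SPKI) hash instead survives renewals that keep the same key.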